Software may be structured based on a Model-View-Controller (MVC) architecture. MVC may separate the presentation layer of an application (e.g., view component) from the state and processing logic of the application (e.g., model component) and the user interface of the application (e.g., controller component). In an example of operation, a user may interact with the control component, the control component interaction generating new input for the model component that may possibly cause processing logic in the model component to make changes. Changes made in the model component may result in corresponding changes that need to be made to the view, and in this regard the model component may send notifications that cause the view component to be updated. An updated version of the view may then be presented to the user, who, based on the updated view presentation, may further interact with the control component, causing the above operations to loop back to the control phase. The MVC architecture is capable, flexible, etc. in that the components may be modified, updated. etc. to improve the overall performance of the application without requiring a total rebuild.
However, while extremely functional, the modularity of applications based on MVC architecture may include some inherent vulnerability that may be attributable to the manner in which information is exchanged between the different components. For example, input information resulting from user interface interaction may be intercepted, changed, etc. prior to being received by the control component. Application state, behavior, etc. maintained by the model component may be affected by malware (e.g., malicious or malevolent software) running at a high privilege level (e.g., with access to the application's memory). In addition, information output by the application view component may be susceptible to interception, change, etc. by malware before being presented. Advances in hacking tools/strategies are allowing hackers to exploit these vulnerabilities, and thus, make software designed in this manner less useful, especially for applications handling confidential information.
Although the following Detailed Description will proceed with reference being made to illustrative embodiments, many alternatives, modifications and variations thereof will be apparent to those skilled in the art.